Description
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
Remediation
References